Summary
This host is installed with Mozilla firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- The improper implementation of drag-and-drop feature, fails to display the URL properly in addressbar.
- An error when handling 'feed:' URLs can be exploited to bypass the output filters and execute arbitrary JavaScript code.
- The context-menu restrictions for data: URLs are not the same as for javascript: URLs, which allows to conduct XSS attacks.
Affected
Mozilla Firefox version 4.x through 13.0
Mozilla Firefox ESR version 10.x before 10.0.6 on Windows
References
- http://secunia.com/advisories/49965
- http://securitytracker.com/id/1027256
- http://securitytracker.com/id/1027257
- http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1950, CVE-2012-1965, CVE-2012-1966 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Apple Safari Secure Cookie Security Bypass Vulnerability (Mac OS X)
- Apache Tomcat servlet/JSP container default files